Outrider Hints At Game-Changing Logistics Disruption
Outrider Revolutionizes Logistics with Reinforcement Learning-Driven Path Planning
In a major …
23. December 2024
Ransomware to Cause ‘Bumpy’ Security Ride in 2025: Experts Warn of Rising Threats
The world grapples with the ever-evolving landscape of cybersecurity threats, and experts warn that 2025 will be a challenging year for APAC enterprises. According to Rapid7, ransomware attacks will continue to plague the region, with the cybersecurity tech vendor predicting a “bumpy ride” for security and IT professionals.
The rise of ransomware incidents has been steady over the past couple of years, with 21 new ransomware groups emerging globally in the first half of 2024, according to Rapid7’s Ransomware Radar Report. These groups doubled their takings to $1.1 billion in ransom payments in 2023, highlighting the growing threat of these attacks. The emergence of new groups has led to a significant increase in ransomware-related incidents, with the threat landscape becoming increasingly complex.
PwC’s annual Digital Trust Insights (DTI) survey revealed that 14% of the region identified zero-day vulnerabilities as one of the top third-party-related cyber threats in 2024. This issue could linger into 2025, making it essential for organizations to prioritize their security measures. Zero-day vulnerabilities pose a significant risk to organizations, as they can be exploited by attackers to gain unauthorized access to sensitive data.
The takedown of LockBit, an international effort to disrupt ransomware operators, has not had the desired effect, with these groups continuing to thrive. Rapid7 predicts increased exploitation of zero-day vulnerabilities in 2025, as these groups expand their attack vectors and bypass traditional security measures. The rise of ransomware groups has led to a significant increase in the number of zero-day vulnerabilities being exploited, making it essential for organizations to stay vigilant.
Raj Samani, Rapid7’s chief scientist, notes that ransomware groups are gaining access to “novel, new initial entry vectors,” or zero-day vulnerabilities, at an alarming rate. These groups are exploiting basic hygiene practices, such as password management, which can ensure that secure foundations are in place. Samani emphasizes the importance of asking tough questions of AI security vendors. “What is their detection strategy, and what is their response strategy?” he asks. “Do you have an incident response retainer? Do you conduct regular testing? What about penetration testing?” By asking these questions, organizations can ensure that they are working with reputable vendors who can provide effective security solutions.
To combat this, organizations should also focus on understanding and mapping their entire attack surface, including cloud, on-premise, identities, third parties, and external assets. By prioritizing risks and mapping exposed assets to business-critical applications and sensitive data, organizations can better protect themselves against ransomware attacks. Samani also emphasizes the importance of broadening ingestion pipelines, gathering data from many sources, normalizing data across sources, and having a methodology for determining an asset.
As the threat of ransomware continues to evolve, it is essential for organizations to take a proactive approach to cybersecurity. By prioritizing security measures, asking tough questions of vendors, and taking a proactive approach to threat detection, organizations can reduce their risk of falling victim to ransomware attacks and ensure that they are prepared for the challenges of 2025.